aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0

fs scan error: scan error: scan failed: failed analysis: walk filesystem: walk dir error: unknown error with /github/workspace: lstat /github/workspace: no such file or directory #404

Open salmannaseempb opened 1 week ago

salmannaseempb commented 1 week ago

There seems to be an issue with the latest release v0.26.0 while scanning with trivy-action.

Expected Output:

A successful scan

Actual Output:

scan error: scan failed: failed analysis: walk filesystem: walk dir error: unknown error with /github/workspace: lstat /github/workspace: no such file or directory

name: Run Trivy vulnerability scanner to source code
uses: aquasecurity/trivy-action@master
with:
    scan-type: fs
    scan-ref: /github/workspace/
    format: "table"
    exit-code: "0"
    ignore-unfixed: true
    vuln-type: "os,library"
    severity: "CRITICAL,HIGH"

Downgrading it to v0.23.0 still works.

afdesk commented 1 week ago

Hi @salmannaseempb, thanks for the report!

Is this issue repeatable?

sergei-maertens commented 1 week ago

In a20de5420d57c4102486cdd9578b45609c99d7eb the action was changed from docker based to use a composite action, meaning that the mount paths no longer are correct (the docs are, but only if you use those particular pinned versions).

Replacing scan-ref: /github/workspace/ with scan-ref: ${{ github.workspace }}/ should fix the problem.

Versions up to and including 0.25.0 don't have that commit.
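
A check for other workflows that carry the same hard-coded path, added here as an example and not part of the issue thread or the trivy-action project: it flags `scan-ref` values beginning with `/github/workspace` in steps that use `aquasecurity/trivy-action`. The function name and the sample workflow are constructed for illustration, and the line-based parsing assumes conventionally indented block-style YAML.

```python
# Constructed sample workflow (not from the reporter's repository): one step
# with the container-only path, one with the runner-provided expression.
SAMPLE = """\
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy vulnerability scanner to source code
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: /github/workspace/
      - name: Same scan, portable path
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: ${{ github.workspace }}/
"""


def find_container_paths(workflow_text, action="aquasecurity/trivy-action"):
    """Return [(line_no, value)] for scan-ref values hard-coded to
    /github/workspace inside steps that use `action` (hypothetical helper)."""
    findings = []
    step_uses, step_refs = None, []

    def flush():
        # Only report refs that belong to a step running the target action.
        if step_uses and step_uses.split("@")[0] == action:
            findings.extend(step_refs)

    for no, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("- "):  # a new list item is treated as a new step
            flush()
            step_uses, step_refs = None, []
            stripped = stripped[2:].strip()
        key, _, value = stripped.partition(":")
        value = value.strip().strip("'\"")
        if key == "uses":
            step_uses = value
        elif key == "scan-ref" and value.startswith("/github/workspace"):
            step_refs.append((no, value))
    flush()  # the last step has no following "- " to trigger the check
    return findings


if __name__ == "__main__":
    for line_no, value in find_container_paths(SAMPLE):
        print(f"line {line_no}: scan-ref {value} only exists inside a container action")
```
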